[13868] in cryptography@c2.net mail archive
Re: Announcing httpsy://, a YURL scheme
daemon@ATHENA.MIT.EDU (Ed Gerck)
Wed Jul 16 11:54:24 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 16 Jul 2003 08:48:00 -0700
From: Ed Gerck <egerck@nma.com>
To: "Mark S. Miller" <markm@caplet.com>
Cc: Ben Laurie <ben@algroup.co.uk>, Tyler Close <tyler@waterken.com>,
cryptography@metzdowd.com
"Mark S. Miller" wrote:
> >Ed Gerck wrote:
> >>[...] Spoofing and
> >> MITM become quite easy to do if you trust an introducer to tell you where to go.
>
> ... when an introducer does it, *by definition* it isn't a MITM attack.
You say that "By definition, Alice can't introduce him [Bob] to an inauthentic party,
because whoever Alice introduces him [Bob] to, that's who Alice introduced him
[Bob] to."
IF Alice is trusted by Bob to introduce ONLY authentic parties, yes. And that is the
problem.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
